123

Gilbert Peterson

Sujeet Shenoi

(Eds.)

Advances in

Digital Forensics XII

IFIP AICT 484

IFIP Advances in Information

and Communication Technology 484

Editor-in-Chief

Kai Rannenberg, Goethe University Frankfurt, Germany

Editorial Board

Foundation of Computer Science

Jacques Sakarovitch, Télécom ParisTech, France

Software: Theory and Practice

Michael Goedicke, University of Duisburg-Essen, Germany

Education

Arthur Tatnall, Victoria University, Melbourne, Australia

Information Technology Applications

Erich J. Neuhold, University of Vienna, Austria

Communication Systems

Aiko Pras, University of Twente, Enschede, The Netherlands

System Modeling and Optimization

Fredi Tröltzsch, TU Berlin, Germany

Information Systems

Jan Pries-Heje, Roskilde University, Denmark

ICT and Society

Diane Whitehouse, The Castlegate Consultancy, Malton, UK

Computer Systems Technology

Ricardo Reis, Federal University of Rio Grande do Sul, Porto Alegre, Brazil

Security and Privacy Protection in Information Process ing Systems

Stephen Furnell, Plymouth University, UK

Artificial Intelligence

Ulrich Furbach, University of Koblenz-Landau, Germany

Human-Computer Interaction

Jan Gulliksen, KTH Royal Institute of Technology, Stockholm, Sweden

Entertainment Computing

Matthias Rauterberg, Eindhoven University of Technology, The Netherlands

IFIP – The International Federation for Information Processing

IFIP was founded in 1960 under the auspi ces of UNESCO, following the first World

Computer Congress held in Paris the previous year. A federation for societies working

in information processing, IFIP’s aim is two-fold: to support information processing in

the countries of its members and to encourage technology transfer to developing na-

tions. As its mission statement clearly states:

IFIP is the global non-proﬁt federation of societies of ICT professionals that aims

at achieving a worldwide professional and socially responsible development and

application of information and communication technologies.

IFIP is a non-proﬁt-making organization, run almost solely by 2500 volunteers. It

operates through a number of technical committees and working groups, which organize

events and publications. IFIP’s events range from large international open conferences

to working conferences and local seminars.

The ﬂagship event is the IFIP World Computer Congre ss, at which both invited and

contributed papers are presented . Contributed papers are rigorously refereed and the

rejection rate is high.

As with the Congress, participation in the open conferen ces is open to all and papers

may be invited or submitted. Again, submitted papers are stringently refereed.

The working conferences are structured differently. They are usually run by a work-

ing group and attendance is generally smaller and occasionally by invitation only. Their

purpose is to create an atmosphere conducive to innovation and development. Referee-

ing is also rigorous and papers are subjected to extensive group discussion.

Publications arising from IFIP events vary. The papers presented at the IFIP World

Computer Congress and at open conferences are published as conference proceedings,

while the results of the working conferences are often published as collections of se-

lected and edited papers.

IFIP distinguishes three types of institutional membership: Country Representative

Members, Members at Large, and Associate Members. The type of organization that

can apply for membership is a wide variety and includes national or international so-

cieties of individual computer scientists/ICT professionals, associations or federations

of such societies, government institutions/govern ment related organization s, national or

international research institutes or consortia, universities, academies of sciences, com-

panies, national or international associations or federations of companies.

More information about this series at http://www.springer.com/series/6102

Gilbert Peterson

•

Sujeet Shenoi (Eds.)

Advances

in Digital Forensics XII

12th IFIP WG 11.9 International Conference,

New Delhi, January 4–6, 2016

Revised Selected Papers

123

Editors

Gilbert Peterson

Department of Electrical and Computer

Engineering

Air Force Institute of Technology

Wright-Patterson AFB, Ohio

USA

Sujeet Shenoi

Tandy School of Computer Science

University of Tulsa

Tulsa, Oklahoma

USA

ISSN 1868-4238 ISSN 1868-422X (electronic)

IFIP Advances in Information and Communication Technology

ISBN 978-3-319-46278-3 ISBN 978-3-319-46279-0 (eBook)

DOI 10.1007/978-3-319-46279-0

Library of Congress Control Number: 2016950753

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the

material is concerned, speciﬁcally the rights of translation, reprinting, reuse of illustrations, recitation,

broadcasting, reproduction on microﬁlms or in any other physical way, and transmission or information

storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now

known or hereafter developed.

The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication

does not imply, even in the absence of a speciﬁc statement, that such names are exempt from the relevant

protective laws and regulations and therefore free for general use.

The publisher, the authors and the editors are safe to assume that the advice and information in this book are

believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors

give a warranty, express or implied, with respect to the material contained herein or for any errors or

omissions that may have been made.

Printed on acid-free paper

This Springer imprint is published by Springer Nature

The registered company is Springer International Publishing AG Switzerland

Contents

Contributing Authors ix

Preface xvii

PART I THEMES AND ISSUES

On a Scientiﬁc Theory of Digital Forensics

Martin Olivier

Data Privacy Perceptions About Digital Forensic Investigations in

India

Robin Verma, Jayaprakash Govindaraj and Gaurav Gupta

A Framework for Assessing the Core Capabilities of a Digital Foren-

sic Organization

Ahmed Almarzooqi and Andrew Jones

PART II MOBILE DEVICE FORENSICS

Optimizing Short Message Text Sentiment Analysis for Mobile De-

vice Forensics

Oluwapelumi Aboluwarin, Panagiotis Andriotis, Atsuhiro Takasu and

Theo Tryfonas

Impact of User Data Privacy Management Controls on Mobile De-

vice Investigations

Panagiotis Andriotis and Theo Tryfonas

Analyzing Mobile Device Ads to Identify Users

107

Jayaprakash Govindaraj, Robin Verma and Gaurav Gupta

vi ADVANCES IN DIGITAL FORENSICS XII

A Forensic Methodology for Analyzing Nintendo 3DS Devices

127

Huw Read, Elizabeth Thomas, Iain Sutherland, Konstantinos Xynos and

Mikhaila Burgess

PART III NETWORK FORENSICS

Reconstructing Interactions with Rich Internet Applications from

HTTP Traces

147

Sara Baghbanzadeh, Salman Hooshmand, Gregor Bochmann, Guy-

Vincent Jourdan, Seyed Mirtaheri, Muhammad Faheem and Iosif Viorel

Onut

Reconstructing Tabbed Browser Sessions Using Metadata Associations

165

Sriram Raghavan and S.V. Raghavan

A Probabilistic Network Forensic Model for Evidence Analysis

189

Changwei Liu, Anoop Singhal and Duminda Wijesekera

PART IV CLOUD FORENSICS

API-Based Forensic Acquisition of Cloud Drives

213

Vassil Roussev, Andres Barreto and Irfan Ahmed

The Cloud Storage Ecosystem – A New Business Model for Internet

Piracy?

237

Raymond Chan, Kam-Pui Chow, Vivien Chan and Michael Kwan

PART V SOCIAL MEDIA FORENSICS

Windows 8.x Facebook and Twitter Metro App Artifacts

259

Swasti Bhushan Deb

Proﬁling Flash Mob Organizers in Web Discussion Forums

281

Vivien Chan, Kam-Pui Chow and Raymond Chan

Contents vii

PART VI IMAGE FORENSICS

Enhancing Image Forgery Detection Using 2-D Cross Products

297

Songpon Teerakanok and Tetsutaro Uehara

Forensic Authentication of Bank Checks

311

Rajesh Kumar and Gaurav Gupta

PART VII FORENSIC TECHNIQUES

Data Type Classiﬁcation: Hierarchical Class-to-Type Modeling

325

Nicole Beebe, Lishu Liu and Minghe Sun

Secure File Deletion for Solid State Drives

345

Bhupendra Singh, Ravi Saharan, Gaurav Somani and Gaurav Gupta

PART VIII FORENSIC TOOLS

A Tool for Volatile Memory Acquisition from Android Devices

365

Haiyu Yang, Jianwei Zhuge, Huiming Liu and Wei Liu

Advanced Automated Disk Investigation Toolkit

379

Umit Karabiyik and Sudhir Aggarwal

Contributing Authors

Oluwapelumi Aboluwarin is a Software Engineer with Nexmo, Lon-

don, United Kingdom. His research interests include natural language

processing, text mining and conversational user interfaces.

Sudhir Aggarwal is a Professor of Computer Science at Florida State

University, Tallahassee, Florida. His research interests include password

cracking, information security and building software tools and systems

for digital forensics.

Irfan Ahmed is an Assistant Professor of Computer Science at the

University of New Orleans, New Orleans, Louisiana. His research inter-

ests are in the areas of malware detection and analysis, digital forensics,

industrial control systems security and Internet of Things security.

Ahmed Almarzooqi is a Ph.D. student in Digital Forensics at De

Montfort University, Leicester, United Kingdom. His research interests

include digital forensics and information security.

Panagiotis Andriotis is a Research Associate in the Information Se-

curity Research Group, Department of Computer Science, University

College London, London, United Kingdom. His research interests in-

clude digital forensics, text mining, content analysis, systems security

and human aspects of security, privacy and trust.

Sara Baghbanzadeh is a Software Engineer with Gnowit, Ottawa,

Canada. Her research interests include web crawling and session recon-

struction for rich Internet applications.

x ADVANCES IN DIGITAL FORENSICS XII

Andres Barreto is a Software Developer for Archon Information Sys-

tems, New Orleans, Louisiana. His research interests include digital

forensics and building scalable and usable web applications.

Nicole Beebe is an Associate Professor of Cyber Security at the Univer-

sity of Texas at San Antonio, San Antonio, Texas. Her research interests

include digital forensics, cyber security and advanced analytics.

Gregor Bochmann is a Professor of Computer Science at the Univer-

sity of Ottawa, Ottawa, Canada. His research interests include software

engineering for distributed applications, peer-to-peer systems and rich

Internet applications.

Mikhaila Burgess is an Associate Professor of Digital Forensics at

Noroﬀ University College, Kristiansand, Norway. Her research interests

include digital forensics, information security, data management and big

data.

Raymond Chan is a Ph.D. student in Computer Science at the Uni-

versity of Hong Kong, Hong Kong, China. His research interests include

digital forensics and critical infrastructure protection.

Vivien Chan is a Research Project Manager at the University of Hong

Kong, Hong Kong, China. Her research interests include cyber criminal

proﬁling and digital forensics.

Kam-Pui Chow is an Associate Professor of Computer Science at the

University of Hong Kong, Hong Kong, China. His research interests

include information security, digital forensics, live system forensics and

digital surveillance.

Swasti Bhushan Deb is a Senior Project Manager at the Kolkata Cy-

ber Laboratory, Data Security Council of India, Kolkata, India. His

research interests include cyber crime detection, and computer and mo-

bile device forensics.